Microsoft Security Risk Detection

Established: January 1, 2015

The Microsoft Security Risk Detection Service (MSRD) was discontinued effective June 25, 2020. This service from Microsoft Research provided users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR‘s Scalable Automated Guided Execution (SAGE) tool. As the security industry shifts from gate-driven audits by professional testers to automated testing by developers, we’re also shifting our approach to open source. In ISOCpp‘s 2020 annual survey, 37% of developers are now using sanitizers and fuzzing in concert in a continuous deploy setup. Modern fuzzing is driven by open source sanitizers that bake instrumentation and test case generation into software at compile time; Microsoft will adopt this paradigm.

Microsoft Research has replaced the MSRD fuzzing service with an open source self-hosted developer fuzzing platform for Azure. OneFuzz is currently being developed and tested as a partnership with many of Microsoft’s core product teams. This fuzzing platform integrates sanitizers and allow for adaptive, learning fuzz tests built into CI/CD pipelines that grow over time with software projects. OneFuzz was released open source on github in 2020 in collaboration with partners to bring Azure-powered fuzzing to developers everywhere.



Portrait of Cheick Keita

Cheick Keita

Senior Software Engineer

Portrait of Marina Polishchuk

Marina Polishchuk

Software Engineer

Portrait of Ram Nagaraja

Ram Nagaraja

Principal Program Manager

Portrait of William Blum

William Blum

Research Engineer

Portrait of Stas Tishkin

Stas Tishkin

Senior Software Engineer

Portrait of Dave Tamasi

Dave Tamasi

Program Manager

Portrait of Marc Greisen

Marc Greisen

Principal Development Manager